package com.crazy.web.filter;

import com.crazy.waf.WafRequestWrapper;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * xss注入和sql注入拦截
 * @author zhaochaofeng
 * @date 2020/5/22 14:28
 */
@WebFilter(filterName = "xssFilter", urlPatterns = {"/*"})
public class XssFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String path = request.getServletPath();
        String[] exclusionsUrls = {".js", ".gif", ".jpg", ".png", ".css", ".ico"};
        for (String str : exclusionsUrls) {
            if (path.contains(str)) {
                filterChain.doFilter(request, servletResponse);
                return;
            }
        }
        filterChain.doFilter(new WafRequestWrapper(request), servletResponse);
    }

    @Override
    public void destroy() {
    }
}
